The Security Demystified Show

5 Episodes

18 minutes | Oct 9, 2020
From a Big Bank to a Start-up: Why the Audit Life Chose Chika Nwajagu
What You'll Learn
Before Chika joined Tugboat Logic, she began her career in IT and eventually moved into security at two of Nigeria's largest banks (UBA Group and Union Bank of Nigeria). Given her experience and wealth of knowledge, it was a natural fit for Chika to become a trusted advisor and go-to for all things security and compliance. In this episode, you'll learn:
- Where she sees the future of audits heading.
- Security best practices all organizations should follow, based on her time at UBA Group and Union Bank of Nigeria (the two largest banks in Nigeria!).
- Her craziest work experience at either of those banks.
- The biggest "culture shock" from working at a start-up compared to working at a bank.
- The one big scary thing on the horizon in the security world that she thinks everyone needs to pay attention to.
- The one thing she sees customers do that other customers need to do/know.
31 minutes | Sep 1, 2020
SOC 2 Learnings for Start-up Founders
What You'll Learn
Before he founded his third start-up, Danny started his career in the ecommerce space at an ad agency. He got bored with the ad agency life and started his own ecommerce company, which he then sold to Walmart. The entrepreneur bug bit him again, so he started his second ecommerce company, and had a successful exit with Amazon. Given his experience and having dealt with security issues for over 10 years straight, Danny shares:
- What motivates him to keep building companies
- How he decided on the right solution for SOC 2 prep for him and his company
- Why you always need to do your due diligence when evaluating vendors
- PSA on why you need to avoid this one SOC 2 automation vendor
- Learnings for getting ready for SOC 2 audits: Get SOC 2 done before customers ask for it; Be frank and upfront with your auditor; Get security right the first time around; Don't reinvent the wheel
- Why Tugboat is better than other solutions out there

Section Timestamps
[02:17] What motivates him to keep building companies
[07:18] How he decided on the right solution for SOC 2 prep for him and his company
[09:48] Why you always need to do your due diligence when evaluating vendors
[10:38] PSA on why you need to avoid this SOC 2 automation vendor
[19:37] Learning #1 for getting ready for SOC 2 audits: Get SOC 2 done before customers ask for it
[20:25] Learning #2 for getting ready for SOC 2 audits: Be frank and upfront with your auditor
[21:20] Learning #3 for getting ready for SOC 2 audits: Get security right the first time around
[23:08] Learning #4 for getting ready for SOC 2 audits: Don't reinvent the wheel
[24:24] Why Tugboat is better than other solutions out there
23 minutes | Aug 21, 2020
Best Practices for Managing Access Controls
What You'll Learn
Balaji has been in the security industry for about 22 years and was an early employee at VMware (virtualization was just starting to take off). After VMware, he became VP of Engineering & Operations at CloudPhysics, a cloud infrastructure assessment start-up. While at CloudPhysics, and drawing upon his experiences, Balaji realized there wasn't a tool or solution that gave visibility into cloud infrastructure and the identities their operations are entitled to. So, he created CloudKnox to solve that problem. He shares:
- How one company had seven years of work (i.e. their entire infrastructure) wiped out in 24 hours by a ransomware hacker thanks to lack of IAM security.
- Why it's not the cloud infrastructure companies' (e.g. AWS, Azure, GCP) responsibility to keep your infrastructure secure.
- The three most common things people don't configure properly (e.g. excessive permissions) with respect to access controls and cloud infrastructure.
- How CloudKnox simplifies and automates managing access controls.
- Why you should put in a system to manage access controls.

Section Timestamps
[05:31] How one company had seven years of work (i.e. their entire infrastructure) wiped out in 24 hours by a ransomware hacker thanks to lack of IAM security.
[08:00] Why it's not the cloud infrastructure companies' (e.g. AWS, Azure, GCP) responsibility to keep your infrastructure secure.
[08:52 - 12:02] The three most common things people don't configure properly (e.g. excessive permissions) with respect to access controls and cloud infrastructure.
[12:02] How CloudKnox simplifies and automates managing access controls.
[20:50] Why you should put in a system to manage access controls.
28 minutes | Aug 21, 2020
Best Practices for Securing Kubernetes, Serverless, and Containers
What You'll Learn
Before he became CEO at Lacework, Dan started his career building the network at one of the first ISPs in Canada. Over the years, he helped build Websense (and a new web security category!) and take it public. Afterward, he became CTO at OpenDNS and had a successful exit with Cisco. Given his experience and having been in security for ~30 years, Dan shares:
- What are the most commonly missed things around securing containers, Kubernetes, and other parts of the "new stack".
- How vulnerable Kubernetes is when you think about it.
- How to secure serverless technology like Lambda.
- How to prep for and pass security audits when you're using "new stack" technology.
- Security considerations for multicloud environments.
- Other cloud security best practices.

Section Timestamps
[03:53] What are the most commonly missed things around securing containers, Kubernetes, and other parts of the "new stack".
[06:10] How vulnerable Kubernetes is when you think about it.
[09:55] How to secure serverless technology like Lambda.
[12:39] How to prep for and pass security audits when you're using "new stack" technology.
[16:59] Security considerations for multicloud environments.
[23:00] Other cloud security best practices.
18 minutes | Aug 21, 2020
How to Scale Security at Start-Ups
What You'll Learn
As "Elder Nerd" and one of Tugboat's go-tos for all things security, Scott loves sharing his knowledge and experience. He shares:
- The first thing you need to do from a security standpoint before you ship any code.
- How to figure out what kind of security options are the most important and the most cost-effective when you're starting out.
- Why you should prove you're secure ASAP with a certification like SOC 2.
- Why you should always do risk assessments periodically.

Links Tugboat Logic Home The
© Stitcher 2023